NASSCOM Cyber Security Task Force
Working Group Discussion Slides
A NASSCOM®Initiative
Industry Development
Policy Development
Technology Development
Skills Development
Four Working Groups
Scope / Charter
Recommendations
Opportunities for Indian Industry
NASSCOM envisages the Indian IT-BPM industry to achieve a size of USD 350-400 billion by 2025; the country can aspire to build a cybersecurity product and services industry of USD 35-40 billion by 2025
Currently, Indian industry revenue from security is estimated to be around 1% (USD 1.5 billion) of overall IT-BPM industry revenue (USD 146 billion); by 2025, India can aspire to scale it to 10%
Generate a million skilled jobs in the security space by 2025 to cater to the rising global demand of security professionals – current global shortfall is estimated to be around 0.7 million, expected to rise to 1.5 million in 2020 as per (ISC)2 – Frost and Sullivan – Booz Allen Hamilton Report
Global Initiatives/ Best Practices in WG Domains
• In Israel
  o 200 cyber security firms; 78 companies have raised USD 400 million since 2010
  o cyber related exports are more than 5 percent of global market
• US Department of Homeland Security has nurtured cyber security start-ups like Kryptowire & NowSecure
• Israel: Cyber security incubator established; Ben Gurion University has become the hub of Cyber Security Research and innovation.
• US: The federal cybersecurity R&D strategic plan intends to strengthen and leverage the link between industry and academia.
• UK: National Technical Assistance Center: Research in encryption & cryptanalysis
Technology Development
Industry Development
Skill Development
Policy Development
• Many countries have established processes for policy implementation, proactive review with clear activity timelines and accountability mechanisms
• Policy push – R&D investment, IP ownership & product commercialization
• Policy enables PPP initiatives - Coordinating Councils in US, National Cyber Security Hub in UK
• In US, protection for organization sharing security information with govt. through Cyber Intelligence Sharing and Protection Act (CISPA) – bill debated
• In UK
  o Government offers apprenticeships to boost the number of civil service cyber specialists, cyber security training in further and higher education
  o Cyber specials’ program to bring volunteer police officers with specialist skills
• Israel Education ministry has set up after-school programs for cyber security in middle & high school.
• In US, National Initiative for Cybersecurity Education
Industry Development Group
Technology Development Group
1. Visibility & Motivation - PM as ‘brand ambassador’ for ‘Secure India’ Movement: Research and innovation in the area of Cyber Security require a major impetus if India is to emerge on the global map. The Honorable Prime Minister be requested to help create a national movement, ‘Secure India’, and be the ‘brand ambassador’ to galvanize the faculty and students at the nation’s academic institutions, and young Indian innovator firms, in a movement similar to ‘Swachh Bharat’ for cyber security research and development of products. National, State and college level hackathons to also be held.
2. Creation of Sectoral CERTs+: Each core industrial sector to have a ‘sectoral CERT’ on similar lines as the (RBI’s) Banking CERT. These are to: i) act as a means for cyber security intelligence exchange for their respective sectors; ii) be affiliated with the sectoral Government Regulator and create sectoral compliance regulations, leading to direct creation of demand for sector-specific cyber security solutions and creating impetus for product innovation by the industry in response to that demand; iii) enable sector-specific PPP partnerships for R&D by academic institutions (COEs, labs, etc.) and innovation of security products by the Industry, by giving visibility to sector-specific needs and revenue potential; iv) have a role in validating new technology solutions and setting standards for their sectors.
3. Role of Industry - NASSCOM, DSCI & Other Bodies: i) Take the initiative in creation of Sectoral CERTs+. ii) Help in creation of a PPP innovation & incubator fund (see para 6 below). iii) Mapping of existing Industry capabilities and products. iv) Facilitate academia-industry collaboration for commercial incubation of R&D outcomes. v) Work with Sectoral CERTs+ for identification of sector-specific requirements and Technological Gap identification.
4. Reduce Procurement Barriers for new Products of Small Firms in Govt Procurement: Govt will be the single largest customer of cyber security products. i) New innovation-driven technologies and products by innovator firms must have a means to meet the procurement qualification requirements. For this there is a requirement to create ‘testing certifications and quality standards’. If a young Indian company can successfully meet these, then it would be eligible for an R&D grant/subsidy of the testing certification cost, and its products would be eligible for govt procurement (often as OEM through SIs). ii) Procurement plans and roadmaps for the govt requirements must be released for the next five years annually; this would make the demand and revenue potential of the ‘largest customer’ visible to the Industry and help Industry in taking commercial decisions to invest in ‘product development and R&D’.
5. Govt to Outsource Paid R&D to Small Innovator Firms and Academic Institutions: The R&D base of the country needs expansion through outsourced paid research for greater access to the talent and grass-root innovation capabilities that exist in the private industry.
6. Creation of National Cyber Security Innovation Fund: A PPP-based fund with participation by the Govt, Sectoral CERTs+, and the financial institutions, with the main aim to identify new technologies, products and innovator firms to invest in, mostly on commercial terms. This fund would also act as the incubator for new technologies, in partnership with Sectoral CERTs+ and R&D institutions.
Skills Development Group
One million certified skilled cybersecurity professionals by 2025
1. Develop cybersecurity as a national mainstream cadre. Mandate through SSC, global best practices and certifications:
   • 200 universities/colleges to run both dedicated stream and commercial research
   • 200 vocational training providers
   • 5 regional security hubs integrated with industry
2. Select 100 Cybersecurity “Drone”acharyas and establish 10 COEs to create a pool of expert Cybersecurity trainers
3. Govt. declares cybersecurity as a strategic sector on par with the space, atomic energy and defence and make investments for capability and capacity building
4. Attract the best talent for Cybersecurity via widespread advocacy, early introduction in schools and talent search through hackathon and reality shows
5. Mandate Cybersecurity health index of essential public services, critical infrastructure and public companies
6. Embed Cybersecurity in the academic curriculum across all levels for creating cyber aware citizens
Policy Development Group
Policy Development
Policy advocacy (initiatives/ amendments) required for CS Industry (Product + Services) Development Ecosystem
1. Capability Development through PPP
   • Addressing trust issues (PPP) – Contracted projects to private sector to develop solutions/ technology, security clearance of individuals; secure sites
   • Establishing Cyber Military Industrial Complex
   • Engaging industry (including startups) on contracts in existing CS initiatives such as NCCC, Botnet Clearing
2. Promoting innovation and startups
   • Govt. promoting startup ecosystem (funds, incubation, infrastructure, IP-Patent issues etc.) to be developed; single window or distributed?
   • System Integrators (SIs) to include and promote startups in solutioning, e.g. internal incubation programs
   • Procurement (including tendering) & audit processes of govt. to encourage startups – e.g. EMD requirements, market share restrictions, etc.
3. Showcasing Indian industry abroad – international delegations, conferences, road shows etc.
4. Testing and Assurance mechanisms – Test Labs, Certifications – harmonized with global standards, domestic + global market + becoming global delivery hub
5. Enabling Framework – Cyber Commission; Privacy Law, Info exchange framework, encryption policy, Cyber Security Act (mandatory disclosures on structure, investments, etc.), LEA capability building, international cooperation etc.; whistleblowing provisions and policies in government & private sector; e-security index